Date: Thu, 23 May 2002 01:43:08 +0200 From: Stephanie Wehner <_@r4k.net> To: Paul Herman <pherman@frenchfries.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: file flags in /modules Message-ID: <20020522234308.GA88468@r4k.net> In-Reply-To: <20020522151939.I51256-100000@mammoth.eat.frenchfries.net> References: <20020522194304.GA70619@r4k.net> <20020522151939.I51256-100000@mammoth.eat.frenchfries.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Wed, 22 May 2002, Stephanie Wehner wrote: > > > Is there any particular reason why the immutable flag is turned > > on for /kernel, but not for any loadable modules ? > > You could rightly argue that someone could overwrite a particular > module and then reboot the machine in order to have it loaded, but > then /modules wouldn't be your only worry. You'd have to protect > many files, including but not limited to: sure. but it's not the same to replace a userland program then to load your own kernel code (which as you pointed out is indeed not possible if the security level has been raised) and which is what would happen if I overwrote a kernel module and rebooted your box. I just found it a bit half hearted that this flag was set by default for /kernel, but not for /modules/*. Perhaps giving someone who is less familar with this the wrong impression. (eg using this secure, even more secure, whatever setting I've seen in sysinstall lately) That's all. :) bye, Stephanie --<> _@r4k.net <>------------------<> FreeBSD <>------------------- #3 - Anime Law of Sonic Amplification, First Law of Anime Acoustics In space, loud sounds, like explosions, are even louder because there is no air to get in the way. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020522234308.GA88468>